2025-09-15 – Bierstadt Lagerhaus Stage
The Cybersecurity Center at MSU Denver had an issue where students wanted to write threat detection rules for our network collectors, but there wasn't a good way for them to do so without breaking stuff. We built a GitOps workflow that enables student analysts to write threat detection rules and then automatically and safely push the new rules to customer collectors across the State of Colorado. This session is a quick look at a student analyst's workflow at the Cybersecurity Center at MSU Denver.
At the Cybersecurity Center at MSU Denver, we have several network collectors spread across the State of Colorado at various customer sites. The first iteration of collectors was on total autopilot: there wasn't a way for a student to write new threat detection rules for the collectors. We ended up building a GitOps workflow that enabled student analysts to take their log analysis to the next level. Students can now write threat detection rules and push them to a remote Git repository. From there we run some automatic tests to make sure that the new rule works. After the testing, our network collectors check their respective Git repository for custom rules and apply them automatically to Suricata. This session is a quick overview of how a student analyst at the Cybersecurity Center can write a new rule and how it gets pushed to the customer's network collector.
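The "automatic tests" step above is where a pipeline like this protects the collectors: a rule that does not parse, reuses a sid, or has no revision number should be rejected before any collector pulls it. The following is an added example of such a pre-merge check, not code from the Cybersecurity Center's pipeline. It assumes a single `local.rules` file and that student rules live in the sid range 1000000 to 1999999 (Suricata's conventional local range); a real pipeline would additionally run `suricata -T` against the full configuration, which this lightweight linter does not replace. The rules it checks are constructed samples.

```python
"""Pre-merge sanity check for Suricata rules in a GitOps pipeline.

Added illustration; not code from the MSU Denver Cybersecurity Center.
Assumptions: rules arrive as one text file, and student rules must use
sids in the local range LOCAL_SID_MIN..LOCAL_SID_MAX (assumed policy).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of a student's rules file; line numbers matter for the findings.
SAMPLE_RULES = """\
# local.rules (constructed sample)
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"LOCAL Outbound to port 4444"; sid:1000001; rev:1;)
alert dns $HOME_NET any -> any any (msg:"LOCAL DNS query for example.test"; dns.query; content:"example.test"; sid:1000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL missing rev"; sid:1000003;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 22 (msg:"LOCAL duplicate sid"; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"LOCAL sid outside local range"; sid:2000001; rev:1;)
this is not a rule
"""

ACTIONS = {"alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth"}
LOCAL_SID_MIN, LOCAL_SID_MAX = 1_000_000, 1_999_999  # assumed range reserved for student rules

# Rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)

# Options: ';'-terminated "key:value" pairs or bare keywords; quoted values may contain ';'
OPTION_RE = re.compile(r'\s*([a-zA-Z0-9_.]+)(?::("(?:[^"\\]|\\.)*"|[^;]*))?;')


@dataclass
class Finding:
    line: int
    message: str


def parse_options(opts: str) -> Dict[str, str]:
    """Return option keyword -> raw value ('' for bare keywords such as dns.query)."""
    result: Dict[str, str] = {}
    for m in OPTION_RE.finditer(opts):
        key, value = m.group(1), m.group(2)
        result[key] = value.strip() if value is not None else ""
    return result


def lint_rules(text: str) -> List[Finding]:
    """Lint a rules file; an empty list means the file is safe to merge."""
    findings: List[Finding] = []
    seen_sids: Dict[int, int] = {}  # sid -> first line that used it
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            findings.append(Finding(lineno, "does not parse as a Suricata rule"))
            continue
        if m["action"] not in ACTIONS:
            findings.append(Finding(lineno, f"unknown action {m['action']!r}"))
        opts = parse_options(m["opts"])
        if "msg" not in opts:
            findings.append(Finding(lineno, "missing msg"))
        if "rev" not in opts:
            findings.append(Finding(lineno, "missing rev"))
        sid = opts.get("sid")
        if sid is None or not sid.isdigit():
            findings.append(Finding(lineno, "missing or non-numeric sid"))
            continue
        sid_n = int(sid)
        if not LOCAL_SID_MIN <= sid_n <= LOCAL_SID_MAX:
            findings.append(Finding(lineno, f"sid {sid_n} outside local range"))
        if sid_n in seen_sids:
            findings.append(Finding(lineno, f"sid {sid_n} already used on line {seen_sids[sid_n]}"))
        else:
            seen_sids[sid_n] = lineno
    return findings


def rules_ok(text: str) -> bool:
    """True when the file has no findings, i.e. the CI gate may pass."""
    return not lint_rules(text)


if __name__ == "__main__":
    for f in lint_rules(SAMPLE_RULES):
        print(f"line {f.line}: {f.message}")
    raise SystemExit(0 if rules_ok(SAMPLE_RULES) else 1)
```

Run against the constructed sample, the linter flags the rule without `rev`, the reused sid, the sid outside the local range and the non-rule line, and exits non-zero so the merge is blocked; a clean file exits zero and the collectors can pull it.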
Maciej is a Cybersecurity Platform Architect (not his idea of a job title) at the Cybersecurity Center at MSU Denver. He spends most of his time building systems that give students real, hands-on experience with cybersecurity tools. He also runs workshops on Docker and containerization, and helps lead the CS² Community, a space where students get support and encouragement as they contribute to open source projects.